The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier
allows user-complicit attackers to bypass javascript security settings
and obtain sensitive information or cause a crash via an e-mail
containing a javascript URI in the SRC attribute of an IFRAME tag,
which is executed when the user edits the e-mail.

Updated packages have been patched to address this issue.
_______________________________________________________________________